Hello,

I am currently trying to sign a file with an IAS-ECC compliant
smartcard and openssl, but I can't find out how to specify the private
key to use.

The private key I want to select "belongs" to the ECC Generic ID application.

When signing with the pkcs15-crypt tool, I execute the following command
and it works well:

pkcs15-crypt --aid E828BD080FD25047656E65726963 -k $my_key_id --sign --pkcs1 --sha-1 --input data-1.sha1 --pin $my_pin --output data-1.auth.sig

When using openssl, I use the following command:

openssl
OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:/usr/lib/opensc-pkcs11.so
Loaded: (pkcs11) pkcs11 engine
     [ available ]
OpenSSL> smime -nodetach -binary -outform PEM -sign -signer $my_cert
pem -inkey $my_key_id -keyform engine -in data-1.txt -out test.p7m
-engine pkcs11
engine "pkcs11" set.
Invalid slot number: 0
PKCS11_get_private_key returned NULL
cannot load signing key file from engine
3611:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:eng_pkey.c:126:
unable to load signing key file
error in smime
OpenSSL>

The problem is that I couldn't find how to specify $my_key_id in the
latter case.

By the way:
- I don't know if it is possible to also reference the certificate
associated with the key stored in the card; I use a pem file extracted
previously.
- I don't know how the PIN will be managed when needed.

Any help will be greatly appreciated!
-- 
Jean-Pierre Fortune